AWS S3 policy setting

 

I was trying to set an AWS S3 policy, and I would have thought that if I were to set it directly on the S3 bucket itself, I wouldn't have to add a resource. Boy, was I wrong.

This policy was the one that worked, after so many times messing around with it. So the principal must be a valid ARN. The resource, too, must be a legit ARN resource.

In this example, I am denying a user from uploading. Even though this user is configured to have ALL S3 permissions by default, having this policy blocks the principal from uploading to this bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PolicyForDenyUploadWithACL",
            "Effect": "Deny",
            "Principal": {
                "AWS": "must-be-a-valid-arn-principal"
            },
            "Action": "s3:PutObject",
            "Resource": "must-be-a-valid-arn-resource/*"
        }
    ]
}
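An added example, not from the original post: a small offline linter in Python that checks the two things the post ran into, a valid principal ARN and a resource ARN that belongs to the bucket the policy is attached to. The account ID, user name, bucket name and function names are constructed for illustration, and the checks are a simplification of what S3 itself validates.

```python
import re

# Simplified checks (assumptions of this example): only the "aws" partition
# and "AWS"-type principals are validated; NotPrincipal/NotResource are ignored.
IAM_ARN = re.compile(r"^arn:aws:iam::\d{12}:(root|user/.+|role/.+)$")
ACCOUNT_ID = re.compile(r"^\d{12}$")
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject"}


def as_list(value):
    """Policy fields accept either a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def lint_bucket_policy(policy, bucket):
    """Return the problems found in a bucket policy attached to `bucket`."""
    problems = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        if principal is None:
            problems.append(f"{sid}: a bucket policy needs a Principal")
        elif isinstance(principal, dict):
            for p in as_list(principal.get("AWS", [])):
                if p != "*" and not (IAM_ARN.match(p) or ACCOUNT_ID.match(p)):
                    problems.append(f"{sid}: invalid principal {p!r}")
        elif principal != "*":
            problems.append(f"{sid}: Principal must be '*' or a mapping")
        resources = as_list(stmt.get("Resource", []))
        if not resources:
            problems.append(f"{sid}: a bucket policy needs a Resource")
        for r in resources:
            if r != bucket_arn and not r.startswith(bucket_arn + "/"):
                problems.append(f"{sid}: resource {r!r} is outside this bucket")
        in_bucket_objects = [r for r in resources if r.startswith(bucket_arn + "/")]
        if OBJECT_ACTIONS & set(as_list(stmt.get("Action", []))) and not in_bucket_objects:
            problems.append(f"{sid}: object actions need {bucket_arn}/<key pattern>")
    return problems


def deny_upload_policy(principal, resource):
    """Build the post's deny-upload statement with the given values."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "PolicyForDenyUploadWithACL", "Effect": "Deny",
        "Principal": {"AWS": principal},
        "Action": "s3:PutObject", "Resource": resource}]}


# Constructed sample values: account 111122223333, user "uploader", bucket "example-bucket".
GOOD = deny_upload_policy("arn:aws:iam::111122223333:user/uploader",
                          "arn:aws:s3:::example-bucket/*")
BAD = deny_upload_policy("uploader", "example-bucket/*")
```

Calling `lint_bucket_policy(BAD, "example-bucket")` reports the bare user name and the bare bucket path, the same two mistakes the post describes, while `GOOD` passes cleanly.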


